From 4395bb4a279b57c124cb44255f2a8bf9f0bedd70 Mon Sep 17 00:00:00 2001
Message-Id: <4395bb4a279b57c124cb44255f2a8bf9f0bedd70.1430931597.git.jen@redhat.com>
In-Reply-To: <167537380706cbdedae56a1c6445daa9e414396d.1430931597.git.jen@redhat.com>
References: <167537380706cbdedae56a1c6445daa9e414396d.1430931597.git.jen@redhat.com>
From: Markus Armbruster <armbru@redhat.com>
Date: Wed, 6 May 2015 07:51:10 -0500
Subject: [CHANGE 8/9] util/uri: URI member path can be null, compare more
 carfully
To: rhvirt-patches@redhat.com,
    jen@redhat.com

RH-Author: Markus Armbruster <armbru@redhat.com>
Message-id: <1430898671-22595-8-git-send-email-armbru@redhat.com>
Patchwork-id: 65015
O-Subject: [RHEL-6.7 qemu-kvm PATCH 7/8] util/uri: URI member path can be null, compare more carfully
Bugzilla: 1205288
RH-Acked-by: Max Reitz <mreitz@redhat.com>
RH-Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
RH-Acked-by: Laszlo Ersek <lersek@redhat.com>

uri_resolve_relative() calls strcmp(bas->path, ref->path).  However,
either argument could be null!  Evidence: the code checks for null
after the comparison.  Spotted by Coverity.

I suspect this was screwed up when we stole the code from libxml2.
There the conditional reads

    xmlStrEqual((xmlChar *)bas->path, (xmlChar *)ref->path)

with

    int
    xmlStrEqual(const xmlChar *str1, const xmlChar *str2) {
	if (str1 == str2) return(1);
	if (str1 == NULL) return(0);
	if (str2 == NULL) return(0);
	do {
	    if (*str1++ != *str2) return(0);
	} while (*str2++);
	return(1);
    }

Fix by replicating libxml2's logic faithfully.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit afb30dde3ad71349fc65726946d58e5d3c61f8af)
Signed-off-by: Jeff E. Nelson <jen@redhat.com>

Conflicts:
	util/uri.c

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jeff E. Nelson <jen@redhat.com>
---
 uri.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/uri.c b/uri.c
index 0dc256a..4ef7104 100644
--- a/uri.c
+++ b/uri.c
@@ -1935,7 +1935,8 @@ uri_resolve_relative (const char *uri, const char * base)
 	val = g_strdup (uri);
 	goto done;
     }
-    if (!strcmp(bas->path, ref->path)) {
+    if (bas->path == ref->path ||
+        (bas->path && ref->path && !strcmp(bas->path, ref->path))) {
 	val = g_strdup("");
 	goto done;
     }
-- 
2.1.0

